USA's FBI reports ATM skimmers using Bluetooth connected devices

A report by the USA's Federal Bureau of Investigation following the conviction of an ATM skimmer reveals a relatively little-known technique that reduces the prospect of capture of the criminals involved.

Ilie Sitariu, 37, a Romanian, and a conspirator who has since fled the USA, spent three months in autumn 2015 driving along the Interstate-87 corridor near Albany in New York.

Skimming typically requires two devices to be installed on an ATM or other card reader: one piece skims, or captures, data from a card’s magnetic stripe, while an accompanying pinhole camera captures cardholders’ PINs as they’re entered. While Sitariu’s devices were considered relatively primitive—two simple pieces of metal with a skimmer hidden in one and a camera hidden in the other—they were sophisticated enough to do damage.

The exterior of the metal casing attached to ATMs showing the pinhole through which the video of PIN inputs were recorded.

The internal electronics of the device.

The men left the skimming equipment in place at each machine for about a day before returning to collect it—along with the account numbers and PINs of those who had used the ATMs during that time. They then loaded that information onto another card and used it to pull cash out of the victims’ accounts. The money was then loaded onto what Americans call "gift" cards (prepaid cards) to help cover their tracks.

Some banks noticed the skimming devices right away, allowing them to contain their losses, while others had their customers’ accounts drained. At one bank, the fraudsters took USD63,000. In total, they stole more than USD127,000 from accounts at three banks.

Many ATM skimming cases are linked to Eurasian crime groups and the stolen funds can wind up overseas as a funding source for international criminal activity, says the FBI.

However, the devices are becoming more sophisticated, says the FBI. It says that it has discovered devices that have Bluetooth connections which enable criminals to download the data without returning to the ATM and the increased risk of detection that affords.